To solve the problem that the current vulnerability automatic exploitation generation methods cannot automatically generate control-flow-hijacking exploitation from write-what-where, a method of automatic exploitation generation for write-what-where was proposed. First, the write-what-where vulnerability was detected based on the memory address control strength dynamic taint analysis method. Then, the vulnerability exploitation elements were searched based on the vulnerability exploitation modes, and the exploitation of write-what-where vulnerability was generated automatically by constraint solving. The experimental results show that the proposed method can effectively detect write-what-where vul-nerability, search exploitation elements, and automatically generate the control-flow-hijacking exploitation from write-what-where.

• 单位
  中国科学院大学